Domain: washingtonpost.com
Stories and comments across the archive that link to washingtonpost.com.
Stories · 2,444
-
$2,000 Bribe Bought Password To DC P.O. System
theodp writes "While the Administration is counting on new Federal CIO Vivek Kundra to simplify and speed the federal IT procurement process, it's doubtful he'll be able to reduce red tape to the extent that a former minion of his did at the scandal-rocked D.C. Office of the CTO. Exhibiting some truly out-of-the-box thinking, project manager Tawanna Sellmon not only processed phony invoices for the contractor at the center of the D.C. bribery and kickback scandal, she also gave him the password to the city's computerized database used to track purchase orders. Sellmon pleaded guilty last week for her role in the scam, which netted her an envelope containing $2,000 in cash, as well as an undisclosed number of $25-$100 gift cards." -
FCC To Propose Net Neutrality Rules
wiredog writes "From The Washington Post comes news that the FCC is preparing to propose net neutrality rules on Monday. Quoting: '[FCC Chairman Julius Genachowski] will discuss the rules Monday during a keynote speech at The Brookings Institute. He isn't expected to drill into many details, but the proposal will specifically be for an additional guideline on how operators like AT&T, Verizon, and Comcast can control what goes on their networks. That additional guideline would prevent the operators from discriminating, or act as gatekeepers, of Web content and services. ... The agency is expected to review what traffic management is reasonable and what practices are discriminatory. The guidelines are known as "principals" at the agency, which some public interest groups have sought to codify so that they would clearly be enforceable.'" -
Password Hackers Do Big Business With Ex-Lovers
Hugh Pickens writes "The Washington Post reports that disgruntled lovers and spouses considering divorce are flocking to services like YourHackerz.com that boast they have little trouble hacking into Web-based e-mail systems like AOL, Yahoo, Gmail, Facebook and Hotmail. The services advertise openly, and there doesn't appear to be much anyone can do about it because while federal law prohibits hacking into e-mail, without further illegal activity, it's only a misdemeanor, says Orin Kerr, a law professor at George Washington University. 'The feds usually don't have the resources to investigate and prosecute misdemeanors,' says Kerr. 'And part of the reason is that normally it's hard to know when an account has been compromised, because e-mail snooping doesn't leave a trace.' It's not clear where YourHackerz.com is located, but experts suspect that most password hacking businesses are based overseas." -
Bug Means High School Students' Schedule Errors May Last Days
Hugh Pickens writes "The Washington Post reports that thousands of high school students in Prince George's County missed a third day of classes Wednesday, and school officials said it could take more than a week to sort out the chaos caused by a computerized class-scheduling system as students were placed in gyms, auditoriums, cafeterias, libraries and classes they didn't want or need at high schools across the county and their parents' fury over the logistical nightmare rose. 'The school year comes up the same time every year,' said Carolyn Oliver, the mother of a 16-year-old senior who spent Wednesday in the senior lounge at Bowie High School. 'When I heard they didn't have schedules, I was like, "What have they been doing all summer?"' When school opened Monday, about 8,000 high school students had no class schedules and were sent to wait in holding spaces while administrators tried to sort things out." (More below.) -
Banks Urge Businesses To Lock Down Online Banking
tsu doh nimh writes "Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the US, setting off a multimillion-dollar online crime wave that has begun to worry the nation's largest financial institutions, The Washington Post's Security Fix blog reports: '"In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses," reads a confidential alert issued by the Financial Services Information Sharing and Analysis Center, an industry group created to share data about critical threats to the financial sector.' The banking group is urging that commercial bank customers 'carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible.' The story includes interviews with several victim businesses, and explains that in each case, the fraudsters — thought to reside in Eastern Europe — are using 'money mules,' unwitting or willing accomplices in the US hired via Internet job boards. The blog has more stories and details about these crimes." -
Average Gamer Is 35, Fat and Bummed
kamapuaa writes "According to a study published in the upcoming October issue of the American Journal of Preventive Medicine, the average US video game player is 35 years old, overweight, and tends toward depression. Specifically, female video game players tended towards depression, while males tended towards large BMIs. While the study itself points to several conclusions, one researcher noted: '... habitual use of video games as a coping response may provide a genesis for obsessive-compulsive video-game playing, if not video-game addiction.'" On the flip side, the Washington Post is running a story about the mental health benefits of playing video games. -
Woman With Police-Monitoring Blog Arrested
Kris Thalamus writes "The Washington Post reports that a Virginia woman is being held in custody by police who allege that information she posted on her blog puts members of the Jefferson area drug enforcement task force at risk. 'In a nearly year-long barrage of blog posts, she published snapshots she took in public of many or most of the task force's officers; detailed their comings and goings by following them in her car; mused about their habits and looks; hinted that she may have had a personal relationship with one of them; and, in one instance, reported that she had tipped off a local newspaper about their movements. Predictably, this annoyed law enforcement officials, who, it's fair to guess, comprised much of her readership before her arrest. But what seems to have sent them over the edge — and skewed their judgment — is Ms. Strom's decision to post the name and address of one of the officers with a street-view photo of his house. All this information was publicly available, including the photograph, which Ms. Strom gleaned from municipal records.'" -
Major Carriers Shun Broadband Stimulus
jmcharry sends word that as the deadline looms for requesting broadband grants from the $4.7 billion available in stimulus funding, Comcast, Verizon, and AT&T are conspicuously absent from the list of applicants. Quoting the Washington Post: "Their reasons are varied. All three say they are flush with cash, enough to upgrade and expand their broadband networks on their own. Some say taking money could draw unwanted scrutiny of business practices and compensation, as seen with automakers and banks that have taken government bailouts. And privately, some companies are griping about conditions attached to the money, including a net-neutrality rule that they say would prevent them from managing traffic on their networks in the way they want. ... Yet those firms might be the best positioned to achieve the goal of spreading Internet access to underserved areas, some experts say." Reader Michael_Curator notes that while the major carriers may be holding back, there were still enough applications to slow government servers to a crawl, resulting in a deadline extension. -
Database Error Costs Social Security Victims $500M
Hugh Pickens writes "The Washington Post reports that the Social Security Administration has agreed to pay more than $500 million in back benefits to more than 80,000 recipients whose benefits were unfairly denied after they were flagged by a federal computer program designed to catch serious criminals. At issue is a 1996 law, which contained language later nicknamed the 'fleeing felon' provision, that said fugitives were ineligible to receive federal benefits. As part of its enforcement, the administration began searching computer databases to weed out people who were collecting benefits and had outstanding warrants. The searches captured dozens of criminals, including some wanted for homicide, but they also ensnared countless elderly and disabled people accused of relatively minor offenses such as shoplifting or writing bad checks, and in some cases the victims simply shared a name and a birth date with an offender." (Read more, below.) "The lead plaintiff in the class-action suit, Rosa Martinez, 52, of Redwood City, Calif., was cut off from her $870 monthly disability benefit check in January 2008 because the system had flagged an outstanding drug warrant in 1980 for a different Rosa Martinez from Miami. Officials said it is difficult to estimate how many Social Security recipients might be affected by the agreement but said the number is fewer than 1 percent nationally. 'What's remarkable about this case is the sheer number of individuals who were unfairly denied benefits and the size of the financial settlement they will receive,' said David H. Fry of Munger, Tolles & Olson, one of the pro bono attorneys who represented victims." -
Times Are Tough For Nigerian Scammers
The Narrative Fallacy writes "The Washington Post reports that online swindling takes dedication even in the best of times, but succeeding in the midst of a worldwide economic meltdown takes patience, resolve, and hard work. 'We are working harder. The financial crisis is not making it easy for them over there,' said Banjo, 24, speaking about Americans, whose trust he has won and whose money he has fleeced, via his Dell laptop. 'They don't have money. And the money they don't have, we want.' US authorities say Americans — the easiest prey, according to Nigerian scammers — still lose hundreds of millions of dollars a year to cybercrimes, including a scheme known as the Nigerian 419 fraud, named for a section of the Nigerian criminal code. 419 is cemented in Nigerian popular culture, and the scammers, known as 'yahoo-yahoo boys,' are glorified in pop songs such as 'Yahoozee,' which gained even more fame after former secretary of state Colin L. Powell danced to it at a London festival last year." -
Students Settle With TurnItIn In Copyright Case
An anonymous reader writes "With the deadline for a Supreme Court appeal rapidly approaching, the students who sued TurnItIn.com for issues surrounding copyright infringement reached a settlement with the site's company on Friday. Now the search goes out for any student who has a paper which is being held by TurnItIn that they did not upload themselves. If your teacher uploaded a paper and ran a TurnItIn report without your permission, I bet the students' attorney would like to hear from you." -
"Cash For Clunkers" Program Runs Out of Gas
Ponca City, We love you writes "The Washington Post reports that Transportation Secretary Ray LaHood has called members of Congress to inform them that the 'cash for clunkers' program will be suspended because the program has run out of money, and congressmen say they intend to ask the Obama administration to divert some funding from the existing economic stimulus package to maintain a scheme that they see as genuinely stimulative. 'Clearly, this has been a very stimulative program that's got consumers back into the car market. It's our hope that possibly more funds can be made available,' says Cody Lusk, president of the American International Automobile Dealers Association." If there is more funding, though, a report on CNET says it may come out of money to have been set aside for renewable energy loans by the US government. -
Prototype Vehicle For the Blind
An anonymous reader writes "A student team from Virginia Tech Robotics and Mechanisms Laboratory have created a vehicle which allows the blind to drive. The vehicle uses a laser range finder to determine distances and alerts the driver through voice commands and vibration. Tomorrow [Friday] morning, the vehicle will have its first public test drive at the University of Maryland. At last, Braille on drive-up ATMs may finally be vindicated." -
The Rise of the Digital Nomad
krou writes "The Washington Post has a look at the rise of the digital nomad, workers who have shunned the idea of working in an office, or working from home. Instead, they've taken the next logical step in the evolution of teleworking, and work wherever there is a Wi-Fi or 3G connection, using tools such as Facebook, Skype, and Twitter, to gain both primitive ('If I'm working at home by myself, I am really hating life. I need people.') and practical ('There is no hope for the road system around here.') benefits from this nomadic lifestyle. The need for contact with other people has driven some nomads to start working with others in public places and at strangers' homes. Other benefits from nomadic working include changing the scenery, and starting the work day 'long after many of their colleagues out at the cubicle farm have spent hours preparing for and getting to their workstations.' Coffee shop owners love the trend, and so do some employers, one of whom (an AOL manager), says: 'It's a win-win' because the employee in question 'is happy doing what he loves and from a business perspective, we gain valuable industry knowledge, contacts, and insights.'" -
DHS Pathogen Lab To Be Built In "Tornado Alley"
Hugh Pickens writes "The Washington Post reports that the Department of Homeland Security is relying on a rushed, flawed study to justify its decision to locate the $700 million National Bio and Agro-Defense Facility for highly infectious pathogens in a tornado-prone section of Kansas. A GAO report says that it is not 'scientifically defensible' to conclude that the lab can safely handle dangerous animal diseases in Kansas. Such research has been conducted up to now on a remote island on the northern tip of Long Island, NY. 'Drawing conclusions about relocating research with highly infectious exotic animal pathogens from questionable methodology could result in regrettable consequences,' the GAO warned in its draft report. Critics of moving the operation to the mainland argue that a release could lead to widespread contamination that could kill livestock, devastate a farm economy, and endanger humans. Along with the highly contagious foot-and-mouth disease, NBAF researchers plan to study African swine fever, Japanese encephalitis, Rift Valley fever, and other viruses in the Biosafety Level (BSL) 3 and BSL-4 livestock laboratory capable of developing countermeasures for foreign animal diseases. According to the article, DHS lobbied a Congressional committee to try to convince them that the GAO report was flawed, and to head off any hearings on the controversy. Despite this, the House Energy and Commerce Committee's oversight and investigations subcommittee plans to hold a hearing Thursday on the risk analysis." -
P.I.I. In the Sky
Frequent Slashdot contributor Bennett Haselton writes "A judge rules that IP addresses are not 'personally identifiable information' (PII) because they identify computers, not people. That's absurd, but in truth there is no standard definition of PII in the industry anyway, because you don't need one in order to write secure software. Here's a definition of 'PII' that the judge could have adopted instead, to reach the same conclusion by less specious reasoning." Hit the link below to read the rest of his thoughts.
US District Court Judge Richard Jones's recent ruling in Johnson v. Microsoft has been much ridiculed for saying that IP addresses are not "personally identifiable information" (PII) because they identify computers, not individual users. Legions of critics have pointed out that this is like saying home addresses are not PII because they identify houses, not people. And it was pretty silly for Jones to say that "the only reasonable interpretation" of PII would be to exclude IP addresses from the definition — when, as the plaintiffs pointed out, Microsoft's own website defined PII to include IP addresses. (Microsoft has since removed that definition from its online glossary and replaced it with a link to its privacy statement.)
But the open secret in the privacy tech industry is that nobody knows exactly what "personally identifiable information" means anyway, and nobody cares, either. This is not because industry leaders don't care about privacy and security. They do. But being a good, privacy-conscious software architect has nothing to do with nit-picking the details of what counts as PII. If you're designing the new Hotmail, you should just know that passwords should be encrypted when users log in over the Web, that third parties should not be able to query the Hotmail database and harvest e-mail addresses, that users shouldn't be able to extract personal data such as birthdates that are associated with another user's e-mail address, etc. If you don't instinctively know those things already, then memorizing a definition for "PII" is not going to make you a good security-conscious programmer.
Conversely, the major security threats facing Windows users — malware infection through security holes in Windows and Internet Explorer — have nothing to do with the definition of PII or the finer points of Microsoft's privacy policy. There may even be public relations gurus at Microsoft who are glad to see the "IP addresses as PII" controversy in the headlines, if that relatively minor privacy issue distracts the public from the vastly more serious threats posed by browser security holes.
There are indeed published definitions of "PII" — the US Office of Management and Budget Memo 07-16 defines PII as:
"information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc."
But that doesn't pass the test of what makes a good definition, which is: If two different people read that definition, and then you gave them an example of a piece of data (such as the school that someone graduated from), would they usually be able to agree on whether that data counts as "PII?" How about IP addresses? From the written definition alone, there's no way to tell for sure.
I actually worked as a contractor at Microsoft at the onset of the PII craze, and in order to commence working on what would eventually become Windows Live, we all had to watch a streaming video about PII, what it was, how to secure it, etc. Near the beginning, the narrator gave some examples of PII, including e-mail addresses, and mentioned that PII should be encrypted when transmitted over the Internet. (I'm not violating any confidentiality; these standards were all publicly released later.) Full of first-week-on-the-job idealism, I looked up the narrator in the company directory and earnestly typed out an e-mail raising some points, such as: Doesn't Hotmail display your e-mail address over an unencrypted connection when you're signed in to Hotmail? And anyway, because the standard e-mail protocols always transmit To: and From: addresses unencrypted over the Internet, how would it ever be possible to "encrypt e-mail addresses in transit" anyway? Wouldn't it make more sense to specify that individual e-mail addresses can be transmitted in the clear one at a time, but if we're ever transferring a large number of them in bulk, it would be wise to encrypt the list, to reduce the chance of it falling into the hands of a spammer?
Then the video kept rolling, and making more statements that seemed to contradict earlier ones, or that were too vague to give me any idea of what I was actually supposed to do in a given situation, and eventually I got the point: We do care about privacy and security. But, there is no algorithm that can determine unambiguously what counts as "PII" or what you're supposed to do in order to safeguard it. You just have to use your common sense and ask around if you're not sure. The main point of the video is to reinforce how important this is, not to impart any actual information.
So Judge Jones could have picked from many possible definitions of "PII," and nobody would be able to call him "wrong," as long as the industry doesn't know what it means, either. What he was really trying to decide was whether Microsoft violated its promise "not to collect PII" during the Windows Update process, because the IP addresses of users doing the downloads were visible to Microsoft's servers. The plaintiffs made some other claims in Johnson v. Microsoft that I think have more merit (basically, arguing that the "Windows Genuine Advantage" anti-piracy tool should not have been foisted on users without their consent as part of the Windows Update process), but on this particular point, I think they were bound to lose on the claim that collecting IP addresses during a download was a privacy violation. After all, if the judge had ruled in their favor on this point, Microsoft would have had to discontinue Windows Update in order to comply with the ruling, and I don't think anybody wants that.
So, maybe Judge Jones just decided that he didn't want to be known as the judge who outlawed Windows security updates, so he determined in advance that he was going to rule that Microsoft did not violate users' privacy by collecting IP addresses during Windows Update. Then he worked backwards from there to find reasoning that supported this conclusion. That's not really how it's supposed to work, but at least he could have had good intentions.
Unfortunately, the reasoning that he hit on was the absurd argument that IP addresses are not PII because they identify computers, not the people who own them. Here's something that he could have said instead:
"I'm not counting IP addresses as PII, because in order to find out who was using an IP address at a particular time, you have to subpoena the ISP. That's what makes them different from names and home addresses, which can be matched to individual people without a subpoena. As long as Microsoft isn't subpoenaing ISPs to find out who was using a particular IP address, for all practical purposes they are not 'personally identifiable.'"
Judge Jones actually started out in that direction by quoting from another case, Klimas v. Comcast Cable Communications, Inc., where the court wrote, "We further note that IP addresses do not in and of themselves reveal 'a subscriber's name, address, [or] social security number.' That information can only be gleaned if a list of subscribers is matched up with a list of their individual IP addresses." And that list matching up subscribers with the IP addresses they were using at a given time can only be obtained with a subpoena. Jones could have quit while he was ahead and stuck with that reasoning, and he would have avoided all the ridicule that came from his statement about IP addresses.
Or maybe Judge Jones could have just said,
"Look, you don't have a standard definition for PII anyway. You adapt it to each individual situation, in order to determine what privacy protections should be built into each program, by using your common sense. So that's what I'm going to do in this situation too. And my common sense tells me that having IP addresses visible to Microsoft's servers during the Windows Update process is not a privacy violation, because that's how downloads work."
That's as good a definition of PII as any. Now let's get back to the real work of stopping Russian porno spammers from pwning our machines in the first place.
-
NASA Plans To De-Orbit ISS In 2016
NewbieV writes "The international space station is by far the largest spacecraft ever built by earthlings. Circling the Earth every 90 minutes, it often passes over North America and is visible from the ground when night has fallen but the station, up high, is still bathed in sunlight. After more than a decade of construction, it is nearing completion and finally has a full crew of six astronauts. The last components should be installed by the end of next year. And then? 'In the first quarter of 2016, we'll prep and de-orbit the spacecraft,' says NASA's space station program manager, Michael T. Suffredini." -
Unsung, Unpaid Coders Behind Federal IT Dashboard
theodp writes "The Federal CIO got a standing ovation for the new Federal IT Dashboard. Federal contractors got the cash. But sneak a peek at the 'customcode' directory behind the Dashboard, and you'll see that some individuals also helped bring it to life with their free software. For starters, there's Timothy Groves' Auto Suggest (Creative Commons License), Alf Magne Kalleland's Ajax Tooltip and Dynamic List (GNU Lesser General Public License), and Gregory Wild-Smith's Simple AJAX Code-Kit (SACK) (modified X11 License)." -
Korean DDoS Bots To Self-Destruct
tsu doh nimh writes "Several news sources are reporting that the tens of thousands of Microsoft Windows systems infected with the Mydoom worm and being used in an ongoing denial of service attack against US and S. Korean government Web sites will likely have their hard drives wiped of data come Friday. From The Washington Post's Security Fix blog, the malware is 'designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence day," followed by as many "u" characters as it takes to write over every sector of every physical drive attached to the compromised system.' ChannelNews Asia carries similar information." -
PC Invader Costs a Kentucky County $415,000
plover recommends a detailed account by Brian Krebs in the Washington Post's Security Fix column of a complex hack and con job resulting in the theft of $415,000 from Bullitt County, Kentucky. "The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks. ...the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county's payroll to accounts belonging to at least 25 individuals around the country... [T]he criminals stole the money using a custom variant of a keystroke logging Trojan known as 'Zeus' (a.k.a. 'Zbot') that included two new features. The first is that stolen credentials are sent immediately via instant message to the attackers. But the second, more interesting feature of this malware... is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection." -
Social Security Numbers Can Be Guessed
BotScout writes "The nation's Social Security numbering scheme has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual's date and location of birth. The researchers used the information they gleaned to predict, in one try, the first five digits of a person's Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003. A Social Security Administration spokesman said the government has long cautioned the private sector against using a social security number as a personal identifier, even as it insists 'there is no fool-proof method for predicting a person's Social Security Number.'" Update: 07/07 00:01 GMT by T : Reader angrytuna links to Wired's coverage of the SSN deduction system, and links to the researchers' FAQ at Carnegie Mellon, which says that the research paper will be presented at BlackHat Las Vegas later this month. -
Microsoft Changing Users' Default Search Engine
BabyDuckHat writes "Cnet's Dennis O'Reilly caught 'Windows Search Helper' trying to change his default Firefox search from Google to Bing. This isn't the first time the software company has been caught quietly changing users' preferences to benefit its own products." -
US Gov. Launches Web Site To Track IT Spending
andy1307 writes "Vivek Kundra, the federal chief information officer, announced on Tuesday a new Web site designed to track more than $70 billion in government IT spending, showing all contracts held by major firms within every agency. The (Flash-heavy) site, USAspending.gov, shows detailed information about whether IT contracts are being monitored and budgets being met. The data also show which contracts were won through a competitive process or in a no-bid method (the latter approach is criticized by good-government advocates for excluding firms from business opportunities). Each prime contractor is listed as well as the status of that project; sub-contractors are not yet shown." -
New Click-Fraud Attack Is Stealthiest Yet
An anonymous reader sends news from The Washington Post's Security Fix blog of a new Trojan horse program that takes click fraud to the next level. The Trojan, dubbed FFsearcher by SecureWorks, was among the pieces of malware installed by sites hacked with the Nine-Ball mass compromise, which attacked some 40,000 Web sites this month. The Trojan takes advantage of Google's "AdSense for Search" API, which allows Web sites to embed Google search results alongside the usual Google AdSense ads. (SecureWorks' writeup indicates that Yahoo search is targeted too, but the researchers saw no evidence of the malware redirecting Yahoo searches.) While most search hijackers give themselves away on the victim's machine by redirecting the browser through some no-name search engine, FFsearcher "...converts every search a victim makes through Google.com, so that each query is invisibly redirected through the attackers' own Web sites, via Google's Custom Search API. Meanwhile, the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search, but instead sees the search results as though they were returned directly from Google.com (and with Google.com in the victim browser's address bar, not the address of the attacker controlled site). Adding to the stealth is the fact that search results themselves aren't altered by the attackers, who are merely going after the referral payments should victims click on any of the displayed ads. What's more, the attackers aren't diverting clicks or ad revenue away from advertisers or publishers, as in traditional click fraud: They are simply forcing Google to pay commissions that it wouldn't otherwise have to pay." If FFsearcher were the only piece of malware on the machine, it would have a better chance of staying under the radar. -
EPA Quashed Report Skeptical of Global Warming
theodp writes "CNET reports that less than two weeks before the EPA formally submitted its pro-carbon dioxide regulation recommendation to the White House, an EPA center director quashed a 98-page report that warned against making hasty 'decisions based on a scientific hypothesis that does not appear to explain most of the available data.' In an e-mail message (pdf) to a staff researcher on March 17, the EPA official wrote: 'The administrator and the administration has decided to move forward...and your comments do not help the legal or policy case for this decision.' The employee was also ordered not to 'have any direct communication' with anyone outside his small group at EPA on the topic of climate change, and was informed his report would not be shared with the agency group working on the topic. In a statement, the EPA took aim at the credentials of the report's author, Alan Carlin (BS Physics-Caltech, PhD Econ-MIT), describing him as 'not a scientist.' BTW, the official who chastised Carlin also found himself caught up in a 2005 brouhaha over mercury emissions after top EPA officials ordered the findings of a Harvard University study stripped from public records." -
DNA Suggests Three Basic Human Groups
Death Metal writes "All of Earth's people, according to a new analysis of the genomes of 53 populations, fall into just three genetic groups. They are the products of the first and most important journey our species made — the walk out of Africa about 70,000 years ago by a small fraction of ancestral Homo sapiens." -
Print Subscribers Cry Foul Over WP's Online-Only Story
Hugh Pickens writes "The decision by the Washington Post to publish an article exclusively online has angered many readers who still pay for the print edition of the newspaper and highlighted the thorny issues newspaper editors still face in serving both print and online audiences. The 7,000 word story about the slaying in 2006 of Robert Wone, a young lawyer who was found stabbed to death in a luxurious townhouse in the Dupont Circle neighborhood of Washington where a 'polyamorous family' of three men lived, is the sort of long-form reporting that newspaper editors say still justifies print in the digital age and many editors agree that print is still the place to publish deep investigative reporting, in part to give certain readers a reason to keep paying for news. 'If you're doing long form, you should do it in print,' said newspaper consultant Mark Potts. 'This just felt like a nice two-part series that they didn't have the room to put in the paper, so they just threw it on the Web.' Editors at The Post say they considered publishing the article in print, but they concluded it was too long at a time when the paper, like most others, was in dire financial straits and trying to scale back newsprint costs. 'Newspapers are going broke in part because news can be read, free of charge, on the Internet,' wrote one reader in a letter to the editor. 'As a nearly lifelong reader of The Post, I could not read this article in the paper I pay for and subscribe to; instead I came on it accidentally while scrolling online for business reasons.'" -
Researchers Find Gaps In Iranian Filtering
I Don't Believe in Imaginary Property writes "With all the turmoil and internet censorship in Iran making it difficult to get an accurate picture of what's going on, security researchers have found a way to locate gaps in Iran's filtering by analyzing traffic exiting Iran. The short version is that SSH, torrents and Flash are high priorities for blocking, while game protocols like WoW and Xbox traffic are being ignored, even though they also allow communication. Hopefully, this data will help people think of new ways to bypass filtering and speak freely, even though average Iranians have worse things to worry about than internet censorship, now that the reformists have been declared anti-Islamic by the Supreme Leader. Given the circumstances, that declaration has been called 'basically a death sentence' for those who continue protesting." Reader CaroKann sends in a related story at the Washington Post about an analysis of the vote totals in the Iranian election (similar to, but different from, the one we discussed earlier) in which the authors say the election results have a one in two-hundred chance of being legitimate. -
Administration Wants To Scale Back Real ID Law
The Washington Post is running a story on the Obama Administration's attempt to get a scaled-back version of Bush's Real ID program passed and implemented. We've been discussing the Real ID program from its earliest days up through the states' resistance to its "unfunded mandate." "Yielding to a rebellion by states that refused to pay for it, the Obama administration is moving to scale back a federal law passed after the Sept. 11 terrorist attacks that was designed to tighten security requirements for driver's licenses... Homeland Security Secretary Janet Napolitano wants to repeal and replace the controversial, $4 billion domestic security initiative known as Real ID... The new proposal, called Pass ID, would be cheaper, less rigorous, and partly funded by federal grants, according to draft legislation that Napolitano's Senate allies plan to introduce as early as tomorrow. ...the Bush administration struggled to implement the 2005 [Real ID] law, delaying the program repeatedly as states called it an unfunded mandate and privacy advocates warned it would create a de facto national ID." -
Swine Flu Vaccine In Production
ravjen writes with news that "Swiss pharmaceutical company Novartis AG said they have successfully produced a swine flu vaccine weeks ahead of their expectations. The vaccine was made in cells, rather than grown in eggs as is usually the case with vaccines." This announcement came just a day after the World Health Organization declared H1N1's spread to be a pandemic. The vaccine has not been tested in humans yet, so the first batch is set to be used in clinical trials and pre-clinical testing. If all goes well, the new production method would allow Novartis to get the drug to market in large quantities by this fall. Other drug companies, such as Baxter International, have confirmed that they're in "full-scale production" of H1N1 vaccines as well. -
Default Passwords Blamed In $55M PBX Hacks
An anonymous reader writes "The Washington Post is reporting that the US Justice Department has indicted three residents of the Philippines for breaking into more than 2,500 corporate PBX systems in the United States and abroad. The government says the hackers sold access to those systems to operators of call centers in Italy, which allegedly made 12 million minutes of unauthorized phone calls through the system, valued at more than $55 million. The DOJ's action coincides with an announcement from Italian authorities today of the arrest of five men there who are suspected of funneling the profits from those call centers to terrorist groups in Southeast Asia." -
Sequoia Disclosing Voting System Source To DC
buzzinglikeafridge writes "After Sequoia voting machines registered more votes than there were voters in DC's primaries last September, and the city threatened a lawsuit as a result, the company agreed to disclose technical details of the system (including source code) to the city. Although this isn't the first time the company has disclosed the source code of its machines, it is the first time the machines' blueprints will be handed over as well." -
FTC Shuts Down Calif. ISP For Botnets, Child Porn
An anonymous reader writes "The Federal Trade Commission has convinced a federal judge to pull the plug on 3FN.net, a.k.a. 'Pricewert LLC,' a Northern California based hosting provider. The FTC alleges that 3FN/Pricewert was directly involved in setting up spam-spewing botnets, among other illegal activities, the Washington Post's Security Fix Blog writes. From the story: 'Pricewert hosts very little legitimate content and vast quantities of illegal, malicious, and harmful content, including child pornography, botnet command and control servers, spyware, viruses, trojans, phishing related sites, illegal online pharmacies, investment and other Web-based scams, and pornography featuring violence, bestiality, and incest.' The story quotes a former Justice Dept. expert saying the FTC action may be a smoke screen for a larger criminal investigation by the federal government into 3FN's activities." -
Google, Yahoo!, Apple Targeted In DoJ Antitrust Probe
suraj.sun writes with this excerpt from the Washington Post: "The Justice Department has launched an investigation into whether some of the nation's largest technology companies violated antitrust laws by negotiating the recruiting and hiring of one another's employees, according to two sources with knowledge of the review. The review, which is said to be in its preliminary stages, is focused on Google; its competitor Yahoo; Apple; and the biotech firm Genentech, among others, according to the sources, who spoke on condition of anonymity because the investigation is ongoing. The sources said the review includes other tech companies and is 'industry-wide.' By agreeing not to hire away top talent, the companies could be stifling competition and trying to maintain their market power unfairly, antitrust experts said. ... Obama's antitrust chief at the Justice Department, Christine Varney, has said she plans to look at the network effects of high-tech companies and how their grasp on markets has cut out competitors and hurt consumers." -
Microsoft Update Quietly Installs Firefox Extension
hemantm writes "A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser." -
When Your Backhoe Cuts "Black" Fiber
bernieS writes "The Washington Post describes what happens when a construction backhoe accidentally cuts buried fiber so secret that it doesn't appear on public maps — and what happens when the Men in Black SUVs appear out of nowhere. Apparently, the numerous secret fiber and utility lines used by government intelligence agencies are being dug up with increasing frequency with all the increased construction projects in the DC area. It's amazing how quickly they get repaired!" -
What a Hacked PC Can Be Used For
An anonymous reader points out that the Security Fix blog is running a feature looking at the different ways hacked/cracked computers can be abused by cyber scammers. "Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, that bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which attempts to examine some of the more common — yet often overlooked — ways that cyber crooks can put your PC to criminal use." -
White House To Appoint "Internet Czar"
An anonymous reader writes "The Washington Post reports that President Obama is set to appoint a 'Cybersecurity czar with a broad mandate': 'The adviser will have the most comprehensive mandate granted to such an official to date and will probably be a member of the National Security Council but will report to the national security adviser as well as the senior White House economic adviser, said the sources, who spoke on the condition of anonymity because the deliberations are not final. The announcement will coincide with the long-anticipated release of a 40-page report that evaluates the government's cybersecurity initiatives and policies. The report is intended to outline a "strategic vision" and the range of issues the new adviser must handle, but it will not delve into details, administration officials told reporters last month.' Cynics are expecting the appointee to be a lawyer for the RIAA." -
DoD Sharing Threat Data With Critical Industries
Hugh Pickens writes "The Washington Post reports that for the past two years, the Defense Department has been collaborating with critical industries to stem the loss of important defense industry data — by some estimates at least $100 billion worth over that time. The Pentagon is considering ways to share its threat data with other industries including telecommunications and Internet service providers, led by the DoD's Cyber Crime Center, the clearinghouse for threat data from the NSA, military agencies, the DHS, and industry. The Pentagon's trial program with industry illuminates the promise and the pitfalls of such partnerships: a reluctance of intelligence and law enforcement agencies to release threat data they consider classified, and the companies' fear of losing control over personal or proprietary information. 'This isn't just about national security,' says Barbara Fast, vice president of Boeing Cyber Solutions. 'It's about the economic well-being of the United States.'" -
Sci-Fi Writers Dream Up Ideas For US Government
cheezitmike writes "This week in Washington, DC, a group of Sci-Fi writers is helping the US Department of Homeland Security envision the future at the 2009 Homeland Security Science & Technology Stakeholders Conference. The agency is hoping the interaction between writers and bureaucrats helps the government 'break old habits of thought' and 'help managers think more broadly about projects and their potential reactions and unintended consequences.' And, it's at minimal expense to taxpayers, since the writers are consulting pro bono." -
Senate Sources Say CTO Confirmation a Done Deal
theodp writes "On Tuesday, the Senate Committee on Commerce, Science, and Transportation will examine the nomination of Aneesh Chopra as the first-ever federal Chief Technology Officer. Senate sources said they were not aware of any debate surrounding his nomination. You'd think the hack-for-$10-million-ransom of Virginia's Prescription Monitoring Program might be good for a question or two. Or the wisdom of appointing a CTO who's no technologist. It might also be worth bringing up Chopra's membership in TiE-DC, a group which promises 'exclusive peer networking events' with government officials and Federal contractors, including TiE-DC sponsor Microsoft. Are there any other issues that might make the Confirmation Hearing more than a rubber-stamping?" -
Challenges Ahead In Final Hubble Servicing Mission
Hugh Pickens writes "Space shuttle Atlantis is slated to lift off Monday on the fifth and final servicing mission to Hubble. Four mission specialists, alternating in two-astronaut teams, will attempt a total of five spacewalks from Atlantis to replace broken components, add new science instruments, and swap out the telescope's six 125-pound (57-kilogram) batteries, original parts that have powered Hubble's night-side operations for nearly two decades. 'This is our final opportunity to service and upgrade Hubble,' says David Leckrone, senior project scientist for the Hubble Space Telescope. 'So we're replacing some items that are getting long in the tooth to give Hubble longevity, and then we'll try to take advantage of that five- to 10-year extra lifetime with the most powerful instrumental tools we've ever had on board.' Some of the upgrades are relatively straightforward and modular: yank out old part, put in new. But they're big parts: The 'fine guidance sensors' sound delicate but weigh as much as a grand piano back on Earth. But what's different this time is that the astronauts will also open up some instruments and root around inside, doing Geek Squad-like repairs while wearing bulky spacesuits and traveling around the planet at 17,000 mph. 'We have this choreographed almost down to the minute of what we want the crew to do. It's this really fine ballet,' said Keith Walyus, the servicing mission operations manager at Goddard. 'We've been training for this for seven years. We can't wait for this to happen.'" -
Work Resumes On Virtual Fence With Mexico
Hugh Pickens writes "Work resumed this week on the five-year project to link a chain of tower-mounted sensors and other surveillance equipment over most of the 2,000-mile border with Mexico. The network of cameras, radar, and communications gear is intended to speed deployment of US Border Patrol officers to intercept illegal immigrants, drug smugglers and other violators, yielding greater 'operational control' over the vast and rugged area. A $20M pilot project for the Secure Border Initiative, or 'SBInet,' carried out in the Bush administration, was generally considered a colossal IT failure. Since that time the DHS has given the prime contractor, Boeing, another $600M. The government says it has learned many lessons and made many changes in the program since the previous pilot rushed off-the-shelf equipment into operation without testing. The Obama administration has lowered the cost estimate for the 5-year project by $1.1B, to $6.7B, mainly by deferring work on the most difficult 200 miles of the border, in southwest Texas." -
When Hacked PCs Self-Destruct
An anonymous reader writes "From The Washington Post's Security Fix blog comes a tale that should make any Windows home user or system admin cringe. It seems the latest version of the Zeus Trojan ships with a command that will tell all infected systems to self-destruct. From the piece: 'Most security experts will tell you that while this so-called "nuclear option" is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control. But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.'" -
Virginia Health Database Held For Ransom
An anonymous reader writes "The Washington Post's Security Fix is reporting that hackers broke into servers at the Virginia health department that monitors prescription drug abuse and replaced the homepage with a ransom demand. The attackers claimed they had deleted the backups, and demanded $10 million for the return of prescription data on more than 8 million Virginians. Virginia isn't saying much about the attacks at the moment, except to acknowledge that they've involved the FBI, and that they've shut down e-mail and a whole mess of servers for the state department of health professionals. The Post piece credits Wikileaks as the source, which has a copy of the ransom note left behind by the attackers." -
Time Warner To Spin Off AOL
Hugh Pickens writes "Time Warner is inching closer to untangling one of the worst mergers in American corporate history that began with the merger of Time Warner with America Online, a deal that has resulted in the evaporation of more than $100 billion of shareholder value. 'Although the company's board of directors has not made any decision, the company currently anticipates that it would initiate a process to spin off one or more parts of the businesses of AOL to Time Warner's stockholders, in one or a series of transactions,' Time Warner said in the filing. Tech industry analysts have speculated for years that Time Warner would spin off AOL; the two companies merged in 2001 with the idea that AOL's strengths as a new media company could benefit an old media company like Time Warner, and vice versa. But few synergies ever arose from the marriage and even AOL founder Steve Case, who is no longer with the company, has said that he believes the two companies should be separated." -
Senator Arlen Specter Becomes a Democrat
Akido37 was one of many readers letting us know that US Sen. Arlen Specter has changed parties to become a Democrat. This gives the Democrats 59 seats in the Senate, and 60 if and when Al Franken gets seated from Minnesota. However, Specter said in his announcement that he will not be an automatic 60th vote for breaking Republican filibusters. While the senator's move seems to have surprised many Republicans, it is understandable to moderate Republican Sen. Olympia Snowe of Maine, who said, "You haven't certainly heard warm encouraging words of how they [Republicans] view moderates. Either you are with us or against us." Specter noted that in his home state of Pennsylvania, 200,000 formerly Republican voters switched party allegiance last year. -
The Woman Who Established Fair Use
The Narrative Fallacy writes "The Washington Post has an interesting profile on Barbara A. Ringer, who joined the Copyright Office at the Library of Congress in 1949 and spent 21 years drafting the legislation and lobbying Congress before the Copyright Act of 1976 was finally passed. Ringer wrote most of the bill herself. 'Barbara had personal and political skills that could meld together the contentious factions that threatened to tear apart every compromise in the 20 year road to passage of the 1976 Act,' wrote copyright lawyer William Patry. The act codified the fair use defense to copyright infringement. For the first time, scholars and reviewers could quote briefly from copyrighted works without having to pay fees. With the 1976 act that Ringer conceived, an author owned the copyright for his or her lifetime plus 50 years. Previously under the old 1909 law, an author owned the copyright for 28 years from the date of publication and unless the copyright was renewed, the work entered the public domain, and the author lost any right to royalties. Ringer received the President's Award for Distinguished Federal Civilian Service, the highest honor for a federal worker. Ringer remained active in copyright law for years, attending international conferences and filing briefs with the Supreme Court before her death earlier this year at age 83. 'Her contributions were monumental,' said Marybeth Peters, the Library of Congress's current register of copyrights. 'She blazed trails. She was a heroine.'" -
Cybersquatting and Social Media
Earthquake Retrofit writes "Brian Krebs has a story about cybersquatting on social networking sites. He cites cases of people being impersonated and reports: 'A site called knowem.com allows you to see whether your name or whatever nickname you favor is already registered at any of some 120 social networking sites on the Web today. For a $64.95 fee, the site will register all available accounts on your behalf, a manual process that it says takes one to five business days. Whether anyone could possibly use and maintain 120 different social networking accounts is beyond my imagination. I would think an automated signup service like knowem.com would be far more useful if there were also a service that people could use to simultaneously update all of these sites with the same or slightly different content.' Is it time to saddle up for a new round of Internet land grabs?" A Schneier blog post earlier this month pointed out a related story about how not establishing yourself on social sites, combined with the frequent lack of validation for friend requests, can provide identity thieves with a tempting target.